Articles about Security

Point of sale systems at risk from underlying vulnerabilities

Point of sale NFC

Last week we reported on the PoSeidon malware threatening credit card security by stealing transaction details.

Charles Henderson vice president of managed security testing at information security specialist Trustwave believes that there's a bigger underlying problem with the way retailers implement PoS systems putting them at risk.

Continue reading

How secure is your bank? Security firm reports vulnerabilities in 70 percent of mobile banking apps

vulnerability in banking apps 1

People are becoming increasingly concerned about their security. They use two-step authentication, login alerts, and third-party security services to better protect their email and social media accounts. One would hope for a similar -- if not more secure -- level of protection from our banks. After all, this is the place where we put most of our earnings and savings. However, apparently we are all mistaken. Mobile security firm Appvigil is reporting that as many as 70 percent of the top 100 mobile banking apps on the Android operating system in the APAC region are vulnerable to security attacks and data leaks. Don’t live in the said region? That’s no reason to relax. The report further pinpoints vulnerabilities in mobile banking apps found in other regions as well.

The security firm tested the mobile banking apps of the top 29 Indian banks and 71 more in the Asia Pacific region and the results are staggeringly bad. "Most of the mobile banking apps failed and many didn’t employ even the basic security checks expected. The communication between the apps & their servers is still in the unencrypted format i.e. in HTTP instead of HTTPS", the report reveals.

Continue reading

Anonymous proxies used to carry out shotgun DDoS attacks

DDoS attack

We're all increasingly concerned about our privacy and the footprint that we leave on the internet. It's not surprising then that more of us are turning to anonymous proxies to hide our origin IP and HTTP details.

But new research from website security company Incapsula has uncovered a darker side to the use of anonymizers as a source of DDoS attacks.

Continue reading

Enterprise security places increased reliance on threat intelligence

Hidden threat

It's easier to combat security threats if you're prepared for them so it isn't perhaps surprising that security teams are increasingly turning to threat intelligence to stay ahead of the game.

A new report commissioned by endpoint protection specialist Webroot and prepared by the Ponemon Institute shows that most companies believe threat intelligence is essential for a well-rounded cybersecurity defense and has proven effective in stopping security incidents.

Continue reading

British Airways frequent flyer Executive Club accounts compromised

british-airways-900x506

Tens of thousands of British Airways frequent flyer accounts have been compromised in a cyberattack, forcing the company to freeze the accounts and issue an apology, the media have reported.

British Airways sporadically responded to tweets from concerned customers, The Register reports. In one such exchange it said:

Continue reading

Syrian Electronic Army hacks Hostgator, FastDomain and more for hosting terrorist sites

Syrian Electronic Army hacks Hostgator, FastDomain and more for hosting terrorist sites

It has been a little while since we heard anything from the Syrian Electronic Army, but now the group has made an appearance once again. SEA has hacked five big-name hosting companies -- Bluehost, Justhost, Hostgator, Hostmonster and FastDomain -- all part of the Endurance International Group.

SEA launched the attacks on the five hosts for "hosting terrorists websites" (sic) adding to the list of high-profile names it has already targeted -- a list that includes names such as Skype, Facebook, PayPal, Twitter and Microsoft. No sites were mentioned by name for having gained SEA's attention.

Continue reading

GitHub hit by its biggest DDoS attack ever

GitHub hit by biggest DDoS attack ever

GitHub is still in the throes of a massive DDoS attack which has blighted the site since Thursday. While the origins of and reasons for the attack is not yet fully known, the fact that two projects relating to Chinese anti-censorship have been targeted speaks volumes.

Now into its fifth day, the attack turned into something of a tug-of-war. Just as GitHub thought it had managed to wrestle back control of the site, a fresh wave was unleashed. The evolving attack is the largest in GitHub's history and engineers "remain on high alert".

Continue reading

Fake Puush update steals passwords from Windows users

Fake Puush update steals passwords from Windows users

Screenshot-sharing app Puush has inadvertently infected Windows users with malware. Over the weekend, the Puush server was breached and a fake, malware-infected program update was put in place. This means that anyone updating to version r94 of the software is infected.

The malware tries to grab passwords from infected systems, and was noticed after users complained on Twitter that the latest update had been flagged up by BitDefender. As a precautionary measure, the update server has been taken offline, and a clean update has been made available as a standalone download.

Continue reading

Snowden's leaks served only to strengthen the NSA's resolve

Snowden's leaks served only to strengthen the NSA's resolve

Edward Snowden is heralded as both a hero and villain. A privacy vigilante and a traitor. It just depends who you ask. The revelations he made about the NSA's surveillance programs have completely changed the face of online security, and changed the way everyone looks at the internet and privacy.

But just before the whistle was blown, it seems that the NSA was considering bringing its telephone data collection program to an end. Intelligence officials were, behind the scenes, questioning whether the benefits of gathering counter-terrorism information justified the colossal costs involved. Then Snowden went public and essentially forced the agency's hand.

Continue reading

The FBI wants your computer and mobile to be insecure

The FBI wants your computer and mobile to be insecure

You'd think that governments would be encouraging people to keep their computers and personal data safe. Until relatively recently, this has been exactly what the FBI has been pushing -- suggesting that phone users should enable encryption on their handsets. But it seems that there has been something of a change of heart. It's probably Snowden's fault.

Now, as part of an "ongoing website redesign", advice about using encryption and protective PINs has vanished from the FBI website. Forget the security-focused devices such as the Blackphone 2, it appears that the bureau wants your data, and you, to be insecure.

Continue reading

Slack is tardy to the two-factor authentication party

Slack is tardy to the two-factor authentication party

Following a four-day long security breach back in February, chat and collaboration tool Slack is finally getting two-factor authentication. Last month, the encrypted central user database was accessed by hackers although there is no indication that hashed passwords were decrypted.

Slack insists that no payment information was seen by hackers, and while the breach is far from good news, there is a silver lining: it has forced the company to look harder at security. Starting today, two-factor authentication is available which locks down accounts via the Android, iOS and Windows Phone apps.

Continue reading

Exclusive: Widespread security flaw affects hundreds of UK news sites

Exclusive: Widespread security flaw affects hundreds of UK news sites

A security flaw has been discovered in a number of UK news websites, potentially placing 24.5 million users at risk. The problem was found in websites run by Johnston Press, a UK media group that is responsible for scores of regional news websites.

Just a few days ago we reported about the findings of security researcher Brute Logic. He discovered an XSS vulnerability on Amazon that risked exposing user data and could be used to compromise accounts. Now the same researcher has discovered another cross-site scripting security flaw that could be used to redirect visitors to malicious websites -- and it's worryingly simple to exploit.

Continue reading

Google has a new data compression extension for Chrome -- do you trust it?

Google has a new data compression extension for Chrome -- do you trust it?

A couple of days ago Google launched a Chrome extension that compresses web pages. This is a feature that has been available for the iOS and Android versions of Chrome, but now it has hit the desktop. It's something that will be off interest to people whose ISP puts data caps in place.

Launched on March 23, the Data Saver extension is currently in beta (come on, this is Google… what did you expect?) and it helps to "reduce the amount of data Chrome uses". This might sound appealing, but it does mean that your traffic is routed through Google's own servers. Do you trust Google enough?

Continue reading

Is your computer bugging you? [Q&A]

PC surveillance camera

Data leaks due to security flaws and hacker activity constantly make the news, but they're not the only ones that businesses have to worry about. Leaks can stem from employee or industrial espionage activity too and of course there's always government snooping.

Whilst larger businesses with sensitive data or intellectual property to protect often check for old-style surveillance they may not be as aware of the potential for PCs and other gadgets to gather intelligence as well as leak data. We spoke to Andre Ross, Director of Australian digital forensics and information security company Elvidence to find out how businesses may be at risk and what they can do to combat it.

Continue reading

Don't go to Xtube without protection -- the adult site could give you a nasty infection

xtubeMBAE2-965x395

A month ago, Malwarebytes reported that adult site RedTube had been compromised and was infecting unsuspecting visitors with malware. That issue was swiftly fixed, but now the security firm reports another adult site, Xtube, is currently serving exploits.

While attacks of this nature usually come via malicious advertising (malvertising), in this instance the nasty snippet of code has been injected directly into Xtube itself.

Continue reading

© 1998-2015 BetaNews, Inc. All Rights Reserved. Privacy Policy.